Addressing key tech challenges in the public sector [Q&A]

Earlier this year the UK government released its State of digital government review, looking at how the public sector must urgently transform the way it approaches digital technology.

But with escalating cybersecurity threats, fragmented data strategies, and a widening digital skills gap, the sector may be setting itself up to fail. We spoke to Adam Casey, director of cyber security and CISO at tmc3, a Qodea company, to discuss the challenges the report raises and how they can be addressed.

BN: The report highlights that only 50 percent of public sector organizations feel confident in their resilience. What are the key approaches to strengthen defences and mitigate risks?

AC: First off, adopting a ‘zero trust’ security model is vital. Traditional passwords and security measures are no longer enough. Organizations must ensure that no user or device is trusted by default, and that continuous authentication and strict verification are required before granting access to sensitive systems.

A major weakness of many public sector organizations is that they still rely on legacy systems and outdated infrastructure that lack modern security features. Switching to cloud-based or hybrid solutions with built-in security controls can enhance protection while improving system efficiency.

At the same time, the public sector should be investing in continuous security training. Human error is one of the biggest vulnerabilities for any organization. Regular cybersecurity awareness training ensures employees can recognize threats like phishing, ransomware, and social engineering.

Finally, organizations must strengthen incident response and disaster recovery plans. This ensures they can react swiftly to cyberattacks, minimizing any downtime and data loss. Regular cybersecurity drills and penetration testing help organizations identify weaknesses before attackers do.

BN: What are the main challenges in implementing security technologies across large public sector organizations?

AC: The sheer complexity of a large public sector organization is hard to grasp. The UK public sector employs around six million people, across diverse roles and departments -- many of which must work together despite using disconnected software, technologies, and processes.

Take the National Health Service (NHS): a nurse, a consultant, a GP, and a hospital manager all interact with technology differently, with varying levels of security awareness. While frameworks like CAF aim to standardize security, they’re not a silver bullet. Many public sector systems are legacy technologies, deeply embedded in operations with no modern replacement, making upgrades difficult.

Adding to the challenge, security priorities shift with each government, budgets are tight, decision-making is slow, and cybersecurity expertise is scarce. But despite these barriers, modernizing cybersecurity is not optional -- it’s essential.

It’s not a question of if a cyberattack will happen, but when. The risks of inaction far outweigh the costs of upgrading. Public sector organizations must prioritize security before they’re forced to react to a crisis.

BN: Less than a third of public sector organisations report that their current data infrastructure supports a comprehensive view across their estate. What are the barriers to achieving a cohesive, operational data strategy in the public sector, and how can these be overcome?

AC: Public sector organizations hold a colossal amount of data -- more data than any other sector has access to. That data is held in thousands of different systems in thousands of different formats and utilized by employees in all kinds of different ways. Even something as simple as two datasets putting first names and surnames in a different order can introduce issues with compatibility.

But having a full view of a data estate is essential in the modern public sector, as events like the COVID pandemic have proved.

Migrating to the cloud, where possible, is the obvious first step for linking disparate systems and their datasets together. But 70 percent of cloud migrations fail, so it’s important to be strategic and selective, and to move in stages. Simplification is the key -- organizations should start with smaller datasets and then expand from there. This ensures they are getting the processes right before taking on more than they can handle. To do that, they need to decide which data sources will be most important to move first, focusing on those that will enable quick wins with minimal disruptions.

This can only be achieved through having employees with strong training in data governance. Having data experts on staff can help organizations better understand the maturity of their data infrastructure and assess their data estate in a more comprehensive way.

In most cases, the first step will be to bring in external data experts. Those experts can then upskill existing employees and make as many employees as possible into data specialists -- an initiative which will save time and resources in the long run.

BN: Many public sector organizations still rely on siloed systems. How can these organizations make their tech more efficient and unified?

AC: Sometimes there’s a false assumption that legacy systems and cloud cannot co-exist, but that’s not the case, providing a more obvious path for gradually moving away from siloed legacy tech altogether.

For example, organizations can begin moving only the front-end interface of their system to the cloud. This allows users -- both internal and external -- to access the services in a more joined-up way without disrupting legacy systems. And as a result, legacy systems can gradually be phased out over time.

Generally, though, I think public sector organizations across the board need to be having open and honest conversations with one another about the maturity of their tech. There’s so much they can learn about best practices from each other. You never know what innovative solutions might be out there in other departments.

BN: With the digital talent gap, what can the public sector do to attract and keep skilled professionals?

AC: Many people find great satisfaction in public service, but organizations must ensure they have the right tools and opportunities to develop and thrive.

Instead of relying solely on external hires, governments can develop digital expertise within their existing workforce through structured upskilling and reskilling programs. External partners can kickstart this process, but long-term success depends on strong internal training. Another pragmatic approach for highly sought after skilled resources would be for organizations to consider a future Target Operating Model of key functions managing ‘Managed Services’ from their partners, and not building or operating internal teams.

Investing in certifications for AI, cybersecurity, and other emerging technologies, alongside partnerships with universities, training providers, and tech firms, signals a commitment to continuous learning and professional growth. Skilled professionals are far more likely to join and stay in an organization that prioritizes development and offers clear career progression.

Beyond training, modernizing workplace technology, embracing flexible work arrangements, and fostering a culture of innovation will make the public sector a more attractive employer. By investing in its people and embracing digital transformation, the public sector can compete for top talent and build a workforce ready for the future.

Image credit: Artur Szczybylo/Dreamstime.com